Title: LIGHTWEIGHT PUBLIC KEY INFRASTRUCTURE EMPLOYING UNSIGNED CERTIFICATES

IN THE CLAIMS

Please amend claims 1-13 and 25-27 as follows:

1. (Currently Amended) A public key system comprising:

a subject;

a certificate authority issuing a first certificate to the subject, the first certificate including a public key of the subject, long-term identification information related to the subject, and meta-data related to the first certificate, wherein the first certificate is not signed by the certificate authority, the certificate authority maintaining a database of records representing issued certificates in which it stores a record representing the first certificate, wherein the issued certificates are each not signed by the certificate authority and are each valid until at least one of revoked by the certificate authority and expired; and

a verifier maintaining a hash table containing cryptographic hashes of valid certificates corresponding to the records stored in the database and including a cryptographic hash of the first certificate, wherein the subject presents the issued first certificate to the verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the first certificate.

2. (Currently Amended) The public key system of claim 1 wherein the first certificate includes an expiration date/time.

3. (Currently Amended) The public key system of claim 1 wherein the first certificate does not include an expiration date/time.

4. (Currently Amended) The public key system of claim 1 wherein the private key is stored in a smartcard accessible by the subject.

5. (Currently Amended) The public key system of claim 1 wherein the private key is stored in a secure software wallet accessible by the subject.

6. (Currently Amended) The public key system of claim 1 wherein the verifier computes the cryptographic hash of the first certificate with a collision-resistant hash function.

7. (Currently Amended) The public key system of claim 6 wherein the collision-resistant hash function is a SHA-1 hash function.

8. (Currently Amended) The public key system of claim 6 wherein the collision-resistant hash function is a MD5 hash function.

9. (Currently Amended) The public key system of claim 1 wherein the certificate authority and the verifier operate to revoke the first certificate when at least a portion of the long-term identification information related to the subject no longer applies to the subject.

10. (Currently Amended) The public key system of claim 1 wherein the certificate authority and the verifier perform a revocation protocol to revoke the first certificate when at least one of the private key is compromised and at least a portion of the long-term identification information related to the subject no longer applies to the subject, the revocation protocol including:

the certificate authority retrieving a record representing the first certificate from the database and obtaining a cryptographic hash of the first certificate;

the certificate authority sending a message to the verifier containing the cryptographic hash of the first certificate and requesting that the verifier remove the corresponding cryptographic hash of the first certificate from its hash table;

the verifier removing the cryptographic hash of the first certificate from its hash table and notifying the certificate authority that it has removed the cryptographic hash of the first certificate from its hash table; and

the certificate authority collecting the notification sent by the verifier.

11. (Currently Amended) The public key system of claim 10 wherein the revocation protocol includes the certificate authority marking the record of the first certificate in the database as being invalid, for auditing purposes.
12. (Currently Amended) The public key system of claim 10 wherein the revocation protocol includes the certificate authority deleting the record representing the first certificate from the database.

13. (Currently Amended) A method of authenticating a subject to a verifier in a public key system, the method comprising the steps of:

issuing a first certificate from a certificate authority to the subject, the first certificate including a public key of the subject, long-term identification information related to the subject, and meta-data related to the first certificate, wherein the first certificate is not signed by the certificate authority;

maintaining, at the certificate authority, a database of records representing issued certificates that are each not signed by the certificate authority and are each valid until at least one of revoked by the certificate authority and expired;

storing a record representing the first certificate in the database;

maintaining, at the verifier, a hash table containing cryptographic hashes of valid certificates corresponding to the records stored in the database and including a cryptographic hash of the first certificate;

presenting the issued first certificate from the subject to the verifier for authentication; and

demonstrating, by the subject, that the subject has knowledge of a private key corresponding to the public key in the first certificate.

14. (Previously Presented) The method of claim 13 wherein the first certificate includes an expiration date/time.

15. (Previously Presented) The method of claim 13 wherein the first certificate does not include an expiration date/time.

16. (Original) The method of claim 13 further comprising the step of:
storing the private key in a smartcard accessible by the subject.

17. (Original) The method of claim 13 further comprising the step of:
storing the private key in a secure software wallet accessible by the subject.

18. (Previously Presented) The method of claim 13 further comprising the step of:
computing, by the verifier, the cryptographic hash of the first certificate with a collision-resistant hash function.

19. (Original) The method of claim 18 wherein the collision-resistant hash function is a SHA-1 hash function.

20. (Original) The method of claim 18 wherein the collision-resistant hash function is a MD5 hash function.

21. (Previously Presented) The method of claim 13 further comprising the step of:
revoking the first certificate when at least a portion of the long-term identification information related to the subject no longer applies to the subject.

22. (Previously Presented) The method of claim 13 further comprising revoking the first certificate when at least one of the private key is compromised and at least a portion of the long-term identification information related to the subject no longer applies to the subject, the revoking including:

retrieving the record representing the first certificate from the certificate database and obtaining a cryptographic hash of the first certificate;

sending a message from the certificate authority to the verifier containing the cryptographic hash of the first certificate;

requesting that the verifier remove the corresponding cryptographic hash of the first certificate from its hash table;

removing the cryptographic hash of the first certificate from the hash table;

notifying the certificate authority that the cryptographic hash of the first certificate is removed from the hash table; and

collecting, at the certificate authority, the notification sent in the notifying step.
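The issuance, authentication and revocation flow of claims 1, 10, 13 and 22, as an added Python sketch that is not part of the application: it assumes a constructed toy RSA key pair for the subject, SHA-256 in place of the SHA-1/MD5 named in claims 7-8, and a direct method call standing in for the message the certificate authority sends to the verifier.

```python
import hashlib, json, secrets, time

# Constructed toy RSA pair from two Mersenne primes: NOT secure, it only serves the flow.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def cert_hash(cert):
    # Claims 7-8 name SHA-1 and MD5, both of which have public collisions today;
    # the hash of an unsigned certificate must stay collision-resistant, hence SHA-256.
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()

class Verifier:
    def __init__(self):
        self.table = set()                   # hashes of currently valid certificates
    def remove(self, h):                     # revocation step performed by the verifier
        self.table.discard(h)
        return h not in self.table           # notification returned to the CA
    def authenticate(self, cert, sign):
        if cert_hash(cert) not in self.table or cert["expires"] < time.time():
            return False                     # unknown, revoked or expired certificate
        challenge = secrets.token_bytes(32)  # subject must prove it holds the private key
        n, e = cert["public_key"]
        h = int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n
        return pow(sign(challenge), e, n) == h

class CertificateAuthority:
    def __init__(self, name, verifier):
        self.name, self.verifier, self.db = name, verifier, {}   # db: serial -> record
    def issue(self, subject, public_key, ttl):
        cert = {"subject": subject, "public_key": public_key, "serial": len(self.db) + 1,
                "ca": self.name, "expires": int(time.time()) + ttl}   # no CA signature
        self.db[cert["serial"]] = {"cert": cert, "valid": True}
        self.verifier.table.add(cert_hash(cert))     # hash provisioned to the verifier
        return cert
    def revoke(self, serial):
        record = self.db[serial]                     # retrieve record, obtain its hash
        ack = self.verifier.remove(cert_hash(record["cert"]))  # request removal, collect reply
        record["valid"] = not ack                    # mark the record invalid for auditing
        return ack

def subject_sign(challenge):                         # subject side: D lives in its wallet
    return pow(int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N, D, N)

def demo():
    verifier = Verifier()
    ca = CertificateAuthority("Example CA", verifier)
    cert = ca.issue("alice", [N, E], ttl=3600)
    tampered = dict(cert, subject="mallory")         # edited copy: its hash is not in the table
    return (verifier.authenticate(cert, subject_sign), verifier.authenticate(tampered, subject_sign),
            ca.revoke(cert["serial"]), verifier.authenticate(cert, subject_sign), ca.db[1]["valid"])
```

Because the certificate carries no signature, the verifier's hash table is the only thing that binds a presented certificate to an issued one, so every edit to a certificate, and every revocation, changes or removes its table entry.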
23. (Previously Presented) The method of claim 22 wherein the revoking step further includes:

marking the record representing the first certificate in the database as being invalid, for auditing purposes.

24. (Previously Presented) The method of claim 22 wherein the revoking step further includes:

deleting the record representing the first certificate from the database.

25. (Currently Amended) The public key system of claim 1 wherein the meta-data includes at least one of a serial number of the first certificate and a name of the certificate authority.

26. (Currently Amended) The public key system of claim 1 wherein the long-term identification information related to the subject includes at least one of the subject's name and a number identifying the subject.

27. (Currently Amended) The public key system of claim 1 wherein the certificate authority and the verifier operate to revoke the first certificate when the private key corresponding to the public key in the first certificate is compromised.

28. (Previously Presented) The method of claim 13 further comprising: 

revoking the first certificate when the private key corresponding to the public key in 
the first certificate is compromised. 